Ransom Trojan

UDS:Trojan-Ransom.MSIL.Purgen removal guide

Malware Removal

The UDS:Trojan-Ransom.MSIL.Purgen is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What UDS:Trojan-Ransom.MSIL.Purgen virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to determine UDS:Trojan-Ransom.MSIL.Purgen?


File Info:

name: 86B6AC51BE84DA351FA3.mlw
path: /opt/CAPEv2/storage/binaries/ddddeb0e5f5c25275369f01bf82f27c44faeeb86198dece557d1db14cfd05eed
crc32: 704E91E8
md5: 86b6ac51be84da351fa3d980ed26bf8b
sha1: dfac93894f9a4f87dc2e8a97d1395a0a843a957a
sha256: ddddeb0e5f5c25275369f01bf82f27c44faeeb86198dece557d1db14cfd05eed
sha512: 9ad839c2937ddebab7fd598b99e36595aa441559af8cb8dfb446b705ec6da957346e37833d0cfe776cdee73b8cc947f106a1614b63e812a0935c475d1e1fd797
ssdeep: 24576:bDyZgZ9BNpRP52WHfWfVCXL2vfkom1kYkPtdj3x2OEBrDCZ4qqPEC0khgDff:6iZ3NpRPwmfWdCXLek11VkPtdT8OcrDK
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1ED65014C26A1E477C1632FF884A25F531131FDA27B63426E1194BDA97932E446BF3A33
sha3_384: 0892baedc34af8a55d2b7fbe21b156f6e1eedac59d0de1c8e9bcf8cc4ae696f5681b901a5d2070feb521c92567701f36
ep_bytes: 4883ec28e85b0700004883c428e90600
timestamp: 2062-07-25 12:18:00

Version Info:

ProductName: BlueStacks 5
FileDescription: BlueStacks Setup
CompanyName: BlueStack Systems Inc.
LegalCopyright: Copyright (c) 2010-2021 BlueStack Systems Inc.
LegalTrademarks: d9d4e4c7 4fcf 482f a634 e234f3e4efa1
Comments: c4cc9a35 ab25 4b7d 9472 bd12d581d45d
FileVersion: 19.0.0.0
Guid: b6c55cb6-bd2a-4bc1-9cb7-3ac4b3abc8fd
Translation: 0x0000 0x04e4

UDS:Trojan-Ransom.MSIL.Purgen also known as:

Elasticmalicious (high confidence)
DrWebTrojan.MulDrop19.13966
CynetMalicious (score: 100)
FireEyeGeneric.mg.86b6ac51be84da35
ALYacTrojan.GenericKD.38243924
MalwarebytesTrojan.PCrypt.MSIL.Generic
SangforRansom.MSIL.Purgen.gen
K7AntiVirusTrojan ( 0058b9dd1 )
AlibabaRansom:MSIL/Purgen.2d4bd234
K7GWTrojan ( 0058b9dd1 )
CrowdStrikewin/malicious_confidence_70% (W)
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of MSIL/Kryptik.ADRR
APEXMalicious
AvastWin32:RansomX-gen [Ransom]
KasperskyUDS:Trojan-Ransom.MSIL.Purgen.gen
BitDefenderTrojan.GenericKD.38243924
MicroWorld-eScanTrojan.GenericKD.38243924
TencentMsil.Trojan.Purgen.Ecao
Ad-AwareTrojan.GenericKD.38243924
EmsisoftTrojan.GenericKD.38243924 (B)
TrendMicroRansom_Purgen.R002C0DLA21
McAfee-GW-EditionBehavesLike.Win64.Dropper.tc
SophosMal/Generic-S
Paloaltogeneric.ml
AviraTR/Kryptik.zihfn
Antiy-AVLTrojan/Generic.ASMalwS.34E8DB0
GridinsoftRansom.Win64.Sabsik.sa
MicrosoftTrojan:Win32/AgentTesla!ml
ViRobotTrojan.Win32.Z.Ransomx.1523200
GDataMSIL.Backdoor.DCRat.TT28QK
AhnLab-V3Trojan/Win.Generic.C4852047
McAfeeArtemis!86B6AC51BE84
MAXmalware (ai score=85)
CylanceUnsafe
eGambitUnsafe.AI_Score_100%
FortinetMSIL/Kryptik.ADRR!tr
AVGWin32:RansomX-gen [Ransom]
Cybereasonmalicious.94f9a4
PandaTrj/CI.A

How to remove UDS:Trojan-Ransom.MSIL.Purgen?

UDS:Trojan-Ransom.MSIL.Purgen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment